From d695ed26b1948472eafaa8f34730297519d34c6b Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Tue, 18 Jun 2024 11:33:26 +0300 Subject: [PATCH 01/17] Allow secrets get permissions for intents operator role, to support reading DB credentials from k8s secrets --- .../templates/intents-operator-manager-clusterrole.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/intents-operator/templates/intents-operator-manager-clusterrole.yaml b/intents-operator/templates/intents-operator-manager-clusterrole.yaml index efaf4eb0..0136570b 100644 --- a/intents-operator/templates/intents-operator-manager-clusterrole.yaml +++ b/intents-operator/templates/intents-operator-manager-clusterrole.yaml @@ -113,6 +113,12 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get - apiGroups: - iam.cnrm.cloud.google.com resources: @@ -269,4 +275,4 @@ rules: - get - list - watch -{{ end }} \ No newline at end of file +{{ end }} From aaf0a54ff6ae2edb6195edb2806d89441447d936 Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Thu, 20 Jun 2024 14:10:16 +0300 Subject: [PATCH 02/17] Fix tests go.mod to prevent an issue with go workspaces --- tests/go.mod | 9 +++------ tests/go.sum | 16 ++++++---------- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/tests/go.mod b/tests/go.mod index 40c8a52b..a4ae4958 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -16,7 +16,7 @@ require ( github.com/otterize/intents-operator/src v0.0.0-20240602085502-4104fcfa98d5 github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 - github.com/spf13/viper v1.18.2 + github.com/spf13/viper v1.16.0 github.com/stretchr/testify v1.9.0 helm.sh/helm/v3 v3.15.0-rc.1 k8s.io/api v0.30.0 
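Review bot: The rule added to `intents-operator-manager-clusterrole.yaml` grants `get` on `secrets` in a ClusterRole with no `resourceNames` and no namespace scoping, so the operator's service account can read every Secret in the cluster, not only the ones that hold database credentials. If the credentials Secrets live in known namespaces, a namespaced Role and RoleBinding would keep the grant narrower. Otherwise consider wrapping the rule in a Helm conditional on a values flag (name to be chosen by the author), so clusters that do not use secret-backed DB credentials do not receive it. At minimum the rule deserves a comment such as `# read-only access to Secrets: needed to resolve DB credentials referenced from server configs`.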
@@ -131,13 +131,11 @@ require ( github.com/prometheus/procfs v0.12.0 // indirect github.com/rubenv/sql-migrate v1.5.2 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/sagikazarmark/locafero v0.4.0 // indirect - github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/shopspring/decimal v1.3.1 // indirect - github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.6.0 // indirect github.com/spf13/cobra v1.8.0 // indirect + github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/suessflorian/gqlfetch v0.6.0 // indirect @@ -152,9 +150,8 @@ require ( go.opentelemetry.io/otel/metric v1.19.0 // indirect go.opentelemetry.io/otel/trace v1.19.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect - go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.21.0 // indirect - golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect + golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 // indirect golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.15.0 // indirect golang.org/x/sync v0.6.0 // indirect diff --git a/tests/go.sum b/tests/go.sum index 9a26835d..c13efad8 100644 --- a/tests/go.sum +++ b/tests/go.sum 
@@ -426,10 +426,6 @@ github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWx github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= -github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= -github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= -github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA= github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= @@ -442,8 +438,6 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= -github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= 
@@ -451,10 +445,12 @@ github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= +github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ= -github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk= +github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc= +github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 
@@ -530,8 +526,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= +golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 h1:kWC3b7j6Fu09SnEBr7P4PuQyM0R6sqyH9R+EjIvT1nQ= +golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= From 7c0b4f8f8e94f3942f531f4cdccb3e00f89ed51b Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Thu, 20 Jun 2024 14:37:28 +0300 Subject: [PATCH 03/17] Allow reusing the e2e workflow with images from GCR --- .github/workflows/e2e-test.yaml | 71 ++++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index a9ba95b0..3bda40ed 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml @@ -8,9 +8,21 @@ on: - ready_for_review - labeled workflow_call: + inputs: + gcr-registry: + required: false + type: string + intents-operator-tag: + required: false + type: string + credentials-operator-tag: + required: false + type: string secrets: AZURE_CREDENTIALS: required: true + B64_GCLOUD_SERVICE_ACCOUNT_JSON: + required: false jobs: test-chart-deployment: 
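Review bot: `B64_GCLOUD_SERVICE_ACCOUNT_JSON` is declared `required: false` in the `workflow_call` block, but the registry login added later in this commit runs whenever `gcr-registry` is non-empty. A caller that sets the registry and omits the secret therefore gets a login failure instead of a clear message. The three new inputs also have no `description:`, although `gcr-registry` is used as a prefix in `${{ inputs.gcr-registry }}/intents-operator:<tag>` and must not include the image name. Consider adding descriptions, e.g. `description: "Registry prefix the operator images are pulled from (no image name, no trailing slash)"`, and a short guard step that fails early when the registry is set and the secret is empty.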
@@ -34,16 +46,45 @@ jobs: kubectl wait pods -n kube-system -l k8s-app=calico-node --for condition=Ready --timeout=90s kubectl wait pods -n kube-system -l k8s-app=calico-kube-controllers --for condition=Ready --timeout=90s + - name: Login to GCR + if: "${{ inputs.gcr-registry != '' }}" + uses: docker/login-action@v2 + with: + registry: ${{ inputs.gcr-registry }} + username: _json_key_base64 + password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON}} + + - name: Load intents-operator docker image from GCR + if: "${{ inputs.gcr-registry != '' && inputs.intents-operator-tag != ''}}" + run: |- + docker pull ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.intents-operator-tag }} + minikube image load ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.intents-operator-tag }} + + - name: Load credentials-operator docker image from GCR + if: "${{ inputs.gcr-registry != '' && inputs.credentials-operator-tag != ''}}" + run: |- + docker pull ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.credentials-operator-tag }} + minikube image load ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.credentials-operator-tag }} + - name: Deploy Otterize run: |- helm dep up ./otterize-kubernetes # schema validation using kubectl dry run + OPERATOR_FLAGS="" + if [ -n "${{ inputs.intents-operator-tag }}" ]; then + OPERATOR_FLAGS="$OPERATOR_FLAGS --set-string intentsOperator.operator.repository=${{ inputs.gcp-registry }} --set-string intentsOperator.operator.image=intents-operator --set-string intentsOperator.operator.tag=${{ inputs.intents-operator-tag }} --set-string intentsOperator.operator.pullPolicy=Never" + fi + if [ -n "${{ inputs.credentials-operator-tag }}" ]; then + OPERATOR_FLAGS="$OPERATOR_FLAGS --set-string credentialsOperator.operator.repository=${{ inputs.gcp-registry }} --set-string credentialsOperator.operator.image=credentials-operator --set-string credentialsOperator.operator.tag=${{ inputs.credentials-operator-tag }} --set-string 
credentialsOperator.operator.pullPolicy=Never" + fi + TELEMETRY_FLAG="--set global.telemetry.enabled=false" + kubectl create namespace otterize-system # required for dry-run - helm template otterize ./otterize-kubernetes -n otterize-system --set global.telemetry.enabled=false | kubectl apply --dry-run=server -f - + helm template otterize ./otterize-kubernetes -n otterize-system $OPERATOR_FLAGS $TELEMETRY_FLAG | kubectl apply --dry-run=server -f - kubectl delete namespace otterize-system # clean up # installation - helm install otterize ./otterize-kubernetes -n otterize-system --wait --create-namespace --set global.telemetry.enabled=false + helm install otterize ./otterize-kubernetes -n otterize-system --wait --create-namespace $OPERATOR_FLAGS $TELEMETRY_FLAG test-database-integrations: runs-on: ubuntu-latest @@ -66,6 +107,26 @@ jobs: - name: Helm dependency update run: helm dep up ./otterize-kubernetes + - name: Login to GCR + if: "${{ inputs.gcr-registry != '' }}" + uses: docker/login-action@v2 + with: + registry: ${{ inputs.gcr-registry }} + username: _json_key_base64 + password: ${{ secrets.B64_GCLOUD_SERVICE_ACCOUNT_JSON}} + + - name: Load intents-operator docker image from GCR + if: "${{ inputs.gcr-registry != '' && inputs.intents-operator-tag != ''}}" + run: |- + docker pull ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.intents-operator-tag }} + minikube image load ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.intents-operator-tag }} + + - name: Load credentials-operator docker image from GCR + if: "${{ inputs.gcr-registry != '' && inputs.credentials-operator-tag != ''}}" + run: |- + docker pull ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.credentials-operator-tag }} + minikube image load ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.credentials-operator-tag }} + - name: Run E2E tests - database integrations run: | cd tests 
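Review bot: The new `run:` blocks in both jobs ("Load ... docker image from GCR" and "Deploy Otterize") paste `${{ inputs.gcr-registry }}` and the tag inputs straight into the shell script. The expression is expanded before the shell parses the line, so a value containing spaces or shell metacharacters changes the command instead of being passed as data. Mapping each input to an `env:` entry and using the quoted variable keeps it an argument; the same applies to the `export ...=${{ inputs.* }}` lines that a later commit adds to "Run E2E tests - database integrations". Separately, `docker/login-action@v2` receives the service-account key and is referenced by a mutable tag; pinning it to a full commit SHA would fix the code that handles that secret.
```yaml
      - name: Load intents-operator docker image from GCR
        if: "${{ inputs.gcr-registry != '' && inputs.intents-operator-tag != ''}}"
        env:
          IMAGE: ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.intents-operator-tag }}
        run: |-
          docker pull "$IMAGE"
          minikube image load "$IMAGE"
      # … unchanged: the credentials-operator load step and "Deploy Otterize" follow the same pattern …
```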
@@ -79,6 +140,12 @@ jobs: group: azure-e2e-tests # do not allow concurrent runs of this job cancel-in-progress: false steps: + - name: Fail on custom registry + if: "${{ inputs.gcr-registry != '' }}" + run: | + echo "This job does not support custom docker registry" + exit 1 + - name: Checkout repository uses: actions/checkout@v4 From 1474a960fbbc57aa4b96ef139efd776a4bc1bc7e Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Thu, 20 Jun 2024 15:50:04 +0300 Subject: [PATCH 04/17] Avoid running Azure tests on trigger from other repos (it won't work for now) --- .github/workflows/e2e-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index 3bda40ed..0628d3ae 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml @@ -133,7 +133,7 @@ jobs: go test -v -json ./databases/... | tee gotest.log | gotestfmt test-azure-integration: - if: contains(github.event.pull_request.labels.*.name, 'run-azure-e2e-tests') || (github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/'))) + if: contains(github.event.pull_request.labels.*.name, 'run-azure-e2e-tests') || (github.event_name == 'push' && github.repository == 'otterize/helm-charts' && startsWith(github.ref, 'refs/tags/')) timeout-minutes: 5 runs-on: ubuntu-latest concurrency: From c27e6b611f05722f44115a1c21dc74b3c0cbf080 Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Thu, 20 Jun 2024 15:57:35 +0300 Subject: [PATCH 05/17] explicitly checkout helm-charts repository since this is a reusable workflow that's called from other repositories --- .github/workflows/e2e-test.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index 0628d3ae..66e4c3d9 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml 
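Review bot: The rewritten `if:` on `test-azure-integration` removes the `github.ref == 'refs/heads/main'` alternative in addition to adding the repository check, so pushes to main no longer run the Azure suite. The commit message only mentions triggers from other repositories, so this looks unintended. The label half of the condition is not gated on the repository either, so a calling repository's pull request carrying the `run-azure-e2e-tests` label would still start the job and then hit the "Fail on custom registry" step. If main should keep running, the push clause could read `(github.event_name == 'push' && github.repository == 'otterize/helm-charts' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')))`.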
@@ -31,6 +31,9 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + # explicitly checkout helm-charts repository since this is a reusable workflow that's called from other repositories + repository: 'otterize/helm-charts' - name: Set up Helm uses: azure/setup-helm@v4.2.0 @@ -91,6 +94,9 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + # explicitly checkout helm-charts repository since this is a reusable workflow that's called from other repositories + repository: 'otterize/helm-charts' - name: Start minikube uses: medyagh/setup-minikube@master @@ -148,6 +154,9 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + with: + # explicitly checkout helm-charts repository since this is a reusable workflow that's called from other repositories + repository: 'otterize/helm-charts' - name: Log in with Azure uses: azure/login@v2 From 317a49553d1d567b794d5f1f4bcff2f9d208e0f7 Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Thu, 20 Jun 2024 16:06:51 +0300 Subject: [PATCH 06/17] Add final e2e-test step depending on required tests to make it easier to depend on --- .github/workflows/e2e-test.yaml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index 66e4c3d9..b1abb91e 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml @@ -204,4 +204,13 @@ jobs: - name: Run E2E tests - azure integrations run: | cd tests - go test -v -json ./azureiam/... | tee gotest.log | gotestfmt \ No newline at end of file + go test -v -json ./azureiam/... | tee gotest.log | gotestfmt + + e2e-test: + needs: + - test-chart-deployment + - test-database-integrations + runs-on: ubuntu-latest + steps: + - run: |- + echo Success! This step is only here to depend on the tests. \ No newline at end of file From f4d3c81a5031fc1585cc061c467eb9c042757cfc Mon Sep 17 00:00:00 2001 
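Review bot: The three `actions/checkout@v4` steps now set `repository: 'otterize/helm-charts'` without a `ref:`, so when another repository calls this workflow the chart under test is whatever the default branch holds at run time. That is not tied to the workflow revision the caller referenced, so a pinned workflow reference does not pin the tested chart and results can change with unrelated chart commits. Consider an optional input for the chart revision, passed through as `ref:` (input name to be chosen by the author). The existing comment could also state which revision is checked out by default.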
From: Amit Lichtenberg Date: Sun, 23 Jun 2024 11:27:38 +0300 Subject: [PATCH 07/17] Fix gcp-registry var reference --- .github/workflows/e2e-test.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index b1abb91e..b3cfe0dd 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml @@ -75,10 +75,10 @@ jobs: # schema validation using kubectl dry run OPERATOR_FLAGS="" if [ -n "${{ inputs.intents-operator-tag }}" ]; then - OPERATOR_FLAGS="$OPERATOR_FLAGS --set-string intentsOperator.operator.repository=${{ inputs.gcp-registry }} --set-string intentsOperator.operator.image=intents-operator --set-string intentsOperator.operator.tag=${{ inputs.intents-operator-tag }} --set-string intentsOperator.operator.pullPolicy=Never" + OPERATOR_FLAGS="$OPERATOR_FLAGS --set-string intentsOperator.operator.repository=${{ inputs.gcr-registry }} --set-string intentsOperator.operator.image=intents-operator --set-string intentsOperator.operator.tag=${{ inputs.intents-operator-tag }} --set-string intentsOperator.operator.pullPolicy=Never" fi if [ -n "${{ inputs.credentials-operator-tag }}" ]; then - OPERATOR_FLAGS="$OPERATOR_FLAGS --set-string credentialsOperator.operator.repository=${{ inputs.gcp-registry }} --set-string credentialsOperator.operator.image=credentials-operator --set-string credentialsOperator.operator.tag=${{ inputs.credentials-operator-tag }} --set-string credentialsOperator.operator.pullPolicy=Never" + OPERATOR_FLAGS="$OPERATOR_FLAGS --set-string credentialsOperator.operator.repository=${{ inputs.gcr-registry }} --set-string credentialsOperator.operator.image=credentials-operator --set-string credentialsOperator.operator.tag=${{ inputs.credentials-operator-tag }} --set-string credentialsOperator.operator.pullPolicy=Never" fi TELEMETRY_FLAG="--set global.telemetry.enabled=false" 
@@ -134,6 +134,7 @@ jobs: minikube image load ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.credentials-operator-tag }} - name: Run E2E tests - database integrations + # TODO: provide registry & image tags as arguments run: | cd tests go test -v -json ./databases/... | tee gotest.log | gotestfmt From f22acf2f52cd61bf9b3633849cf5edf3213d524f Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Sun, 23 Jun 2024 12:18:12 +0300 Subject: [PATCH 08/17] Input custom operator tags to database integration e2e tests --- .github/workflows/e2e-test.yaml | 15 +++++++- tests/azureiam/azureiam_test.go | 26 +++++-------- tests/base_suite.go | 47 +++++++++++++++++++++++ tests/databases/postgres/postgres_test.go | 16 +------- 4 files changed, 72 insertions(+), 32 deletions(-) diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index b3cfe0dd..24744c30 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml 
@@ -133,8 +133,21 @@ jobs: docker pull ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.credentials-operator-tag }} minikube image load ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.credentials-operator-tag }} + - name: Set intents operator image env vars + if: "${{ inputs.gcr-registry != '' && inputs.intents-operator-tag != ''}}" + run: | + echo "INTENTS_OPERATOR_REPOSITORY=${{ inputs.gcr-registry }}" >> $GITHUB_ENV + echo "INTENTS_OPERATOR_IMAGE=intents-operator" >> $GITHUB_ENV + echo "INTENTS_OPERATOR_TAG=${{ inputs.intents-operator-tag }}" >> $GITHUB_ENV + + - name: Set credentials operator image env vars + if: "${{ inputs.gcr-registry != '' && inputs.credentials-operator-tag != ''}}" + run: | + echo "CREDENTIALS_OPERATOR_REPOSITORY=${{ inputs.gcr-registry }}" >> $GITHUB_ENV + echo "CREDENTIALS_OPERATOR_IMAGE=credentials-operator" >> $GITHUB_ENV + echo "CREDENTIALS_OPERATOR_TAG=${{ inputs.credentials-operator-tag }}" >> $GITHUB_ENV + - name: Run E2E tests - database integrations - # TODO: provide registry & image tags as arguments run: | cd tests go test -v -json ./databases/... | tee gotest.log | gotestfmt diff --git a/tests/azureiam/azureiam_test.go b/tests/azureiam/azureiam_test.go index 90cd5015..1e96ab93 100644 --- a/tests/azureiam/azureiam_test.go +++ b/tests/azureiam/azureiam_test.go 
@@ -129,22 +129,16 @@ func (s *AzureIAMTestSuite) initAzureAgent() { } func (s *AzureIAMTestSuite) installOtterizeForAzureIAM() { - values := map[string]any{ - "global": map[string]any{ - "azure": map[string]any{ - "enabled": true, - "subscriptionID": s.conf.SubscriptionID, - "resourceGroup": s.conf.ResourceGroup, - "aksClusterName": s.conf.AKSClusterName, - "userAssignedIdentityID": s.conf.OtterizeOperatorUserAssignedIdentityClientID, - }, - "deployment": map[string]any{ - "networkMapper": false, - }, - "telemetry": map[string]interface{}{ - "enabled": false, - }, - }, + values := s.GetDefaultHelmChartValues() + if _, ok := values["global"]; !ok { + values["global"] = map[string]any{} + } + values["global"].(map[string]any)["azure"] = map[string]any{ + "enabled": true, + "subscriptionID": s.conf.SubscriptionID, + "resourceGroup": s.conf.ResourceGroup, + "aksClusterName": s.conf.AKSClusterName, + "userAssignedIdentityID": s.conf.OtterizeOperatorUserAssignedIdentityClientID, } s.InstallOtterizeHelmChart(values) diff --git a/tests/base_suite.go b/tests/base_suite.go index ec861b9a..cac95e3f 100644 --- a/tests/base_suite.go +++ b/tests/base_suite.go 
@@ -89,6 +89,53 @@ func (s *BaseSuite) SetupSuite() { }) } +func (s *BaseSuite) GetDefaultHelmChartValues() map[string]any { + defaultValues := map[string]any{ + "global": map[string]any{ + "deployment": map[string]any{ + "networkMapper": false, + }, + "telemetry": map[string]any{ + "enabled": false, + }, + }, + } + + intentsOperatorRepository := os.Getenv("INTENTS_OPERATOR_REPOSITORY") + intentsOperatorImage := os.Getenv("INTENTS_OPERATOR_IMAGE") + intentsOperatorTag := os.Getenv("INTENTS_OPERATOR_TAG") + + if intentsOperatorTag != "" { + if _, ok := defaultValues["intentsOperator"]; !ok { + defaultValues["intentsOperator"] = map[string]any{} + } + defaultValues["intentsOperator"].(map[string]any)["operator"] = map[string]any{ + "tag": intentsOperatorTag, + "image": intentsOperatorImage, + "repository": intentsOperatorRepository, + "pullPolicy": "Never", + } + } + + credentialsOperatorRepository := os.Getenv("CREDENTIALS_OPERATOR_REPOSITORY") + credentialsOperatorImage := os.Getenv("CREDENTIALS_OPERATOR_IMAGE") + credentialsOperatorTag := os.Getenv("CREDENTIALS_OPERATOR_TAG") + + if credentialsOperatorTag != "" { + if _, ok := defaultValues["credentialsOperator"]; !ok { + defaultValues["credentialsOperator"] = map[string]any{} + } + defaultValues["credentialsOperator"].(map[string]any)["operator"] = map[string]any{ + "tag": credentialsOperatorTag, + "image": credentialsOperatorImage, + "repository": credentialsOperatorRepository, + "pullPolicy": "Never", + } + } + + return defaultValues +} + func (s *BaseSuite) InstallOtterizeHelmChart(values map[string]any) { // Load Chart.yaml chart, err := loader.Load(OtterizeKubernetesChartPath) diff --git a/tests/databases/postgres/postgres_test.go b/tests/databases/postgres/postgres_test.go index 8d0b3647..85acb8e8 100644 --- a/tests/databases/postgres/postgres_test.go +++ b/tests/databases/postgres/postgres_test.go 
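Review bot: In `GetDefaultHelmChartValues` each override block is keyed on the tag alone, so a run with `INTENTS_OPERATOR_TAG` set and the repository or image variable empty passes empty strings to the chart together with `pullPolicy: "Never"`. That probably surfaces only later as a pod that never starts. Checking all three values, e.g. `if intentsOperatorTag != "" && intentsOperatorRepository != "" && intentsOperatorImage != "" {`, or failing the suite when only some are set, would make the misconfiguration visible at once; the credentials-operator block has the same shape. The `if _, ok := defaultValues["intentsOperator"]; !ok` guards are always true in this version and could be dropped. The exported method also has no doc comment; something like `// GetDefaultHelmChartValues returns the chart values shared by all suites, applying operator image overrides from the *_OPERATOR_REPOSITORY, *_OPERATOR_IMAGE and *_OPERATOR_TAG environment variables.` would cover it.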
@@ -39,7 +39,7 @@ type PostgresTestSuite struct { func (s *PostgresTestSuite) SetupSuite() { s.BaseSuite.SetupSuite() - s.installOtterizeNetworkMapperDisabled() + s.InstallOtterizeHelmChart(s.GetDefaultHelmChartValues()) s.PGServerConfClient = s.DynamicClient.Resource(schema.GroupVersionResource{ Group: "k8s.otterize.com", @@ -54,20 +54,6 @@ func (s *PostgresTestSuite) TearDownSuite() { s.UninstallOtterizeHelmChart(ctx) } -func (s *PostgresTestSuite) installOtterizeNetworkMapperDisabled() { - values := map[string]interface{}{ - "global": map[string]interface{}{ - "deployment": map[string]interface{}{ - "networkMapper": false, - }, - "telemetry": map[string]interface{}{ - "enabled": false, - }, - }, - } - s.InstallOtterizeHelmChart(values) -} - func (s *PostgresTestSuite) SetupTest() { ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(2*time.Minute)) defer cancel() From 5335a1de6ab7167fb8eedcb965b7e35298d9a007 Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Sun, 23 Jun 2024 13:34:11 +0300 Subject: [PATCH 09/17] Fix load credentials-operator docker image step --- .github/workflows/e2e-test.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index 24744c30..957525fc 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml @@ -66,8 +66,8 @@ jobs: - name: Load credentials-operator docker image from GCR if: "${{ inputs.gcr-registry != '' && inputs.credentials-operator-tag != ''}}" run: |- - docker pull ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.credentials-operator-tag }} - minikube image load ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.credentials-operator-tag }} + docker pull ${{ inputs.gcr-registry }}/credentials-operator:${{ inputs.credentials-operator-tag }} + minikube image load ${{ inputs.gcr-registry }}/credentials-operator:${{ inputs.credentials-operator-tag }} - name: Deploy Otterize run: |- 
@@ -130,8 +130,8 @@ jobs: - name: Load credentials-operator docker image from GCR if: "${{ inputs.gcr-registry != '' && inputs.credentials-operator-tag != ''}}" run: |- - docker pull ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.credentials-operator-tag }} - minikube image load ${{ inputs.gcr-registry }}/intents-operator:${{ inputs.credentials-operator-tag }} + docker pull ${{ inputs.gcr-registry }}/credentials-operator:${{ inputs.credentials-operator-tag }} + minikube image load ${{ inputs.gcr-registry }}/credentials-operator:${{ inputs.credentials-operator-tag }} - name: Set intents operator image env vars if: "${{ inputs.gcr-registry != '' && inputs.intents-operator-tag != ''}}" From f59187d67f24fb99adbe218f1111d1168b1696e8 Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Sun, 23 Jun 2024 13:48:00 +0300 Subject: [PATCH 10/17] Fix export env vars to propagate to go test --- .github/workflows/e2e-test.yaml | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index 957525fc..e7a0466c 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml 
@@ -133,23 +133,19 @@ jobs: docker pull ${{ inputs.gcr-registry }}/credentials-operator:${{ inputs.credentials-operator-tag }} minikube image load ${{ inputs.gcr-registry }}/credentials-operator:${{ inputs.credentials-operator-tag }} - - name: Set intents operator image env vars - if: "${{ inputs.gcr-registry != '' && inputs.intents-operator-tag != ''}}" - run: | - echo "INTENTS_OPERATOR_REPOSITORY=${{ inputs.gcr-registry }}" >> $GITHUB_ENV - echo "INTENTS_OPERATOR_IMAGE=intents-operator" >> $GITHUB_ENV - echo "INTENTS_OPERATOR_TAG=${{ inputs.intents-operator-tag }}" >> $GITHUB_ENV - - - name: Set credentials operator image env vars - if: "${{ inputs.gcr-registry != '' && inputs.credentials-operator-tag != ''}}" - run: | - echo "CREDENTIALS_OPERATOR_REPOSITORY=${{ inputs.gcr-registry }}" >> $GITHUB_ENV - echo "CREDENTIALS_OPERATOR_IMAGE=credentials-operator" >> $GITHUB_ENV - echo "CREDENTIALS_OPERATOR_TAG=${{ inputs.credentials-operator-tag }}" >> $GITHUB_ENV - - name: Run E2E tests - database integrations run: | cd tests + if [ -n "${{ inputs.intents-operator-tag }}" ]; then + export INTENTS_OPERATOR_REPOSITORY=${{ inputs.gcr-registry }} + export INTENTS_OPERATOR_TAG=${{ inputs.intents-operator-tag }} + export INTENTS_OPERATOR_IMAGE=intents-operator + fi + if [ -n "${{ inputs.credentials-operator-tag }}" ]; then + export CREDENTIALS_OPERATOR_REPOSITORY=${{ inputs.gcr-registry }} + export CREDENTIALS_OPERATOR_TAG=${{ inputs.credentials-operator-tag }} + export CREDENTIALS_OPERATOR_IMAGE=credentials-operator + fi go test -v -json ./databases/... | tee gotest.log | gotestfmt test-azure-integration: From c867344a7eb64a42667765e87cf96b0d4b97d685 Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Sun, 23 Jun 2024 15:19:15 +0300 Subject: [PATCH 11/17] Log env vars --- tests/base_suite.go | 14 ++++ tests/databases/postgres/postgres_test.go | 81 ++++++++++++++++++++--- tests/go.mod | 7 +- tests/go.sum | 5 ++ 4 files changed, 95 insertions(+), 12 deletions(-) 
diff --git a/tests/base_suite.go b/tests/base_suite.go index cac95e3f..11b1ae35 100644 --- a/tests/base_suite.go +++ b/tests/base_suite.go @@ -90,6 +90,14 @@ func (s *BaseSuite) SetupSuite() { } func (s *BaseSuite) GetDefaultHelmChartValues() map[string]any { + //os.Setenv("INTENTS_OPERATOR_REPOSITORY", "us-central1-docker.pkg.dev/main-383408/otterize") + //os.Setenv("INTENTS_OPERATOR_IMAGE", "intents-operator") + //os.Setenv("INTENTS_OPERATOR_TAG", "5abc12708ac0d022c658d2cd665d65f6d4aa71a0") + //os.Setenv("CREDENTIALS_OPERATOR_REPOSITORY", "us-central1-docker.pkg.dev/main-383408/otterize") + //os.Setenv("CREDENTIALS_OPERATOR_IMAGE", "credentials-operator") + //os.Setenv("CREDENTIALS_OPERATOR_TAG", "4f4062035308a2b8baf8c0f29bc53ce15d05286c") + logrus.WithField("environment", os.Environ()).Info("Environment variables") + defaultValues := map[string]any{ "global": map[string]any{ "deployment": map[string]any{ @@ -99,6 +107,12 @@ func (s *BaseSuite) GetDefaultHelmChartValues() map[string]any { "enabled": false, }, }, + "intentsOperator": map[string]any{ + "debug": true, + }, + "credentialsOperator": map[string]any{ + "debug": true, + }, } intentsOperatorRepository := os.Getenv("INTENTS_OPERATOR_REPOSITORY") diff --git a/tests/databases/postgres/postgres_test.go b/tests/databases/postgres/postgres_test.go index 85acb8e8..0dac0283 100644 --- a/tests/databases/postgres/postgres_test.go +++ b/tests/databases/postgres/postgres_test.go 
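Review bot: `logrus.WithField("environment", os.Environ())` at the top of `GetDefaultHelmChartValues` writes the entire process environment into the test log, which the workflow tees into `gotest.log`. The Azure suite calls this method too, so any credential exported to that job as an environment variable ends up in the log, and log masking only covers values registered as secrets. Logging only the six image-override variables gives the same debugging value. The commented-out `os.Setenv` lines above it embed a concrete registry path and image tags and should be removed rather than committed.
```go
func (s *BaseSuite) GetDefaultHelmChartValues() map[string]any {
	// Log only the image-override variables; the full environment may hold CI credentials.
	overrides := logrus.Fields{}
	for _, name := range []string{
		"INTENTS_OPERATOR_REPOSITORY", "INTENTS_OPERATOR_IMAGE", "INTENTS_OPERATOR_TAG",
		"CREDENTIALS_OPERATOR_REPOSITORY", "CREDENTIALS_OPERATOR_IMAGE", "CREDENTIALS_OPERATOR_TAG",
	} {
		overrides[name] = os.Getenv(name)
	}
	logrus.WithFields(overrides).Info("Operator image overrides")
	// … unchanged: defaultValues construction and override blocks …
```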
@@ -19,14 +19,15 @@ import ( ) const ( - PostgresRootPassword = "integrationtestpassword11" - PostgresCredsSecretName = "postgres-user-password" - PostgresSvcName = "otterize-database" - PostgresDatabaseName = "test-db" - PostgresInstanceName = "otterize-postgres" - PostgresRootUser = "otterize-admin" - IntentsResourceName = "psql-client-intents" - PostgresConnectionString = "postgres://%s:%s@%s:5432/%s" + PostgresRootCredentialsSecretName = "postgres-root-credentials" + PostgresRootPassword = "integrationtestpassword11" + PostgresCredsSecretName = "postgres-user-password" + PostgresSvcName = "otterize-database" + PostgresDatabaseName = "test-db" + PostgresInstanceName = "otterize-postgres" + PostgresRootUser = "otterize-admin" + IntentsResourceName = "psql-client-intents" + PostgresConnectionString = "postgres://%s:%s@%s:5432/%s" ) type PostgresTestSuite struct { @@ -73,8 +74,6 @@ func (s *PostgresTestSuite) SetupTest() { // Get client pod name s.clientPod = s.FindPodByLabel(ctx, s.testNamespaceName, "app=psql-client") - - s.applyPGServerConf(ctx) } func (s *PostgresTestSuite) TearDownTest() { @@ -260,7 +259,7 @@ func (s *PostgresTestSuite) deployDatabaseClient(ctx context.Context) { s.WaitForDeploymentAvailability(ctx, clientDeployment.Namespace, clientDeployment.Name) } -func (s *PostgresTestSuite) applyPGServerConf(ctx context.Context) { +func (s *PostgresTestSuite) applyPGServerConfWithInlinePassword(ctx context.Context) { pgServerConf := v1alpha3.PostgreSQLServerConfig{ TypeMeta: metav1.TypeMeta{ Kind: "PostgreSQLServerConfig", 
@@ -283,6 +282,43 @@ func (s *PostgresTestSuite) applyPGServerConf(ctx context.Context) { s.Require().NoError(err) } +func (s *PostgresTestSuite) applyPGServerConfWithSecretRef(ctx context.Context) { + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: PostgresRootCredentialsSecretName, + }, + StringData: map[string]string{ + "username": PostgresRootUser, + "password": PostgresRootPassword, + }, + } + + _, err := s.Client.CoreV1().Secrets(s.testNamespaceName).Create(ctx, secret, metav1.CreateOptions{}) + s.Require().NoError(err) + + pgServerConf := v1alpha3.PostgreSQLServerConfig{ + TypeMeta: metav1.TypeMeta{ + Kind: "PostgreSQLServerConfig", + APIVersion: "k8s.otterize.com/v1alpha3", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: PostgresInstanceName, + }, + Spec: v1alpha3.PostgreSQLServerConfigSpec{ + Address: fmt.Sprintf("%s.%s.svc.cluster.local:5432", PostgresSvcName, s.testNamespaceName), + Credentials: v1alpha3.DatabaseCredentials{ + SecretRef: &v1alpha3.DatabaseCredentialsSecretRef{ + Name: PostgresRootCredentialsSecretName, + }, + }, + }, + } + + u := s.GetUnstructuredObject(pgServerConf, pgServerConf.GroupVersionKind()) + _, err = s.PGServerConfClient.Namespace(s.testNamespaceName).Create(ctx, u, metav1.CreateOptions{}) + s.Require().NoError(err) +} + func (s *PostgresTestSuite) runCreateTableJob(ctx context.Context) { connectionString := fmt.Sprintf(PostgresConnectionString, PostgresRootUser, PostgresRootPassword, PostgresSvcName, PostgresDatabaseName) res, err := s.Client.BatchV1().Jobs(s.testNamespaceName).Create(ctx, &batchv1.Job{ @@ -315,6 +351,8 @@ func (s *PostgresTestSuite) TestWorkloadFailsToAccessDatabase() { ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(1*time.Minute)) defer cancel() + s.applyPGServerConfWithInlinePassword(ctx) + logrus.Info("Validating client pod fails to access the database") s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "password authentication failed") } 
@@ -323,6 +361,8 @@ func (s *PostgresTestSuite) TestAddSelectAndInsertPermissionsForDB() { ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(1*time.Minute)) defer cancel() + s.applyPGServerConfWithInlinePassword(ctx) + s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "password authentication failed") s.applyIntents(ctx, []v1alpha3.DatabaseOperation{v1alpha3.DatabaseOperationInsert, v1alpha3.DatabaseOperationSelect}) @@ -336,6 +376,8 @@ func (s *PostgresTestSuite) TestInsertPermissionWithoutSelect() { ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(1*time.Minute)) defer cancel() + s.applyPGServerConfWithInlinePassword(ctx) + s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "password authentication failed") s.applyIntents(ctx, []v1alpha3.DatabaseOperation{v1alpha3.DatabaseOperationInsert}) @@ -349,6 +391,8 @@ func (s *PostgresTestSuite) TestSelectPermissionWithoutInsert() { ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(1*time.Minute)) defer cancel() + s.applyPGServerConfWithInlinePassword(ctx) + s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "password authentication failed") s.applyIntents(ctx, []v1alpha3.DatabaseOperation{v1alpha3.DatabaseOperationSelect}) 
@@ -358,6 +402,21 @@ func (s *PostgresTestSuite) TestSelectPermissionWithoutInsert() { s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "Unable to perform INSERT operation") } +//func (s *PostgresTestSuite) TestAddSelectAndInsertPermissionsWithSecretRefPermissions() { +// ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(1*time.Minute)) +// defer cancel() +// +// s.applyPGServerConfWithSecretRef(ctx) +// +// s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "password authentication failed") +// +// s.applyIntents(ctx, []v1alpha3.DatabaseOperation{v1alpha3.DatabaseOperationInsert, v1alpha3.DatabaseOperationSelect}) +// logrus.Info("Validating client pod was granted SELECT & INSERT permissions") +// s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "Successfully connected to database") +// s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "Successfully INSERTED") +// s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "Successfully SELECTED") +//} + func TestPostgresEnforcementTestSuite(t *testing.T) { suite.Run(t, new(PostgresTestSuite)) } diff --git a/tests/go.mod b/tests/go.mod index a4ae4958..157716c1 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -13,7 +13,7 @@ require ( github.com/jackc/pgx/v5 v5.6.0 github.com/joho/godotenv v1.5.1 github.com/lib/pq v1.10.9 - github.com/otterize/intents-operator/src v0.0.0-20240602085502-4104fcfa98d5 + github.com/otterize/intents-operator/src v0.0.0-20240623113422-6820f7294c78 github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/viper v1.16.0 
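Review bot: `TestAddSelectAndInsertPermissionsWithSecretRefPermissions` is committed as a commented-out block, so the SecretRef credentials path (the reason the chart now grants `get` on secrets) has no coverage and nothing in the test output shows that it is missing. A skipped test keeps compiling and shows up in every run: keep the function and start it with `s.T().Skip("SecretRef credentials test disabled: <reason>")`, assuming the suite embeds testify's `suite.Suite` as the `suite.Run` call suggests. The same applies to the later patch on this page that comments out `applyPGServerConfWithSecretRef` instead of skipping or deleting it.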
@@ -38,6 +38,9 @@ require ( github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect github.com/Microsoft/hcsshim v0.11.4 // indirect + github.com/agnivade/levenshtein v1.1.1 // indirect + github.com/alexflint/go-arg v1.4.2 // indirect + github.com/alexflint/go-scalar v1.0.0 // indirect github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bugsnag/bugsnag-go/v2 v2.2.0 // indirect @@ -152,6 +155,7 @@ require ( go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 // indirect + golang.org/x/mod v0.15.0 // indirect golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.15.0 // indirect golang.org/x/sync v0.6.0 // indirect @@ -159,6 +163,7 @@ require ( golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect + golang.org/x/tools v0.18.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect diff --git a/tests/go.sum b/tests/go.sum index c13efad8..b01c09e5 100644 --- a/tests/go.sum +++ b/tests/go.sum 
@@ -50,10 +50,13 @@ github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/O github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/agnivade/levenshtein v1.1.0/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= +github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alexflint/go-arg v1.4.2 h1:lDWZAXxpAnZUq4qwb86p/3rIJJ2Li81EoMbTMujhVa0= github.com/alexflint/go-arg v1.4.2/go.mod h1:9iRbDxne7LcR/GSvEr7ma++GLpdIU1zrghf2y2768kM= +github.com/alexflint/go-scalar v1.0.0 h1:NGupf1XV/Xb04wXskDFzS0KWOLH632W/EO4fAFi+A70= github.com/alexflint/go-scalar v1.0.0/go.mod h1:GpHzbCOZXEKMEcygYQ5n/aa4Aq84zbxjy3MxYW0gjYw= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= 
@@ -384,6 +387,8 @@ github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/ github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= github.com/otterize/intents-operator/src v0.0.0-20240602085502-4104fcfa98d5 h1:H/18oQxpUqdrlyaIw66jo3yEWN8wohl/0+V9Ko1i7Ic= github.com/otterize/intents-operator/src v0.0.0-20240602085502-4104fcfa98d5/go.mod h1:7vDL6/NAo7AobUGqDGU/277xGyb0KTRQoqRjoouhh44= +github.com/otterize/intents-operator/src v0.0.0-20240623113422-6820f7294c78 h1:YDVGIeLdoLqSZfF9eRJyBP0GRK7UsIoWWCUQcX9qW5M= +github.com/otterize/intents-operator/src v0.0.0-20240623113422-6820f7294c78/go.mod h1:7vDL6/NAo7AobUGqDGU/277xGyb0KTRQoqRjoouhh44= github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= From 3b2a612385d4765a6a6b27b6ecb262980fe19a3e Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Sun, 23 Jun 2024 15:24:10 +0300 Subject: [PATCH 12/17] Add missing setup go step --- .github/workflows/e2e-test.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index e7a0466c..e42a4065 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml @@ -104,6 +104,12 @@ jobs: - name: Set up Helm uses: azure/setup-helm@v4.2.0 + - name: Setup go + uses: actions/setup-go@v5 + with: + go-version: 1.22.1 + cache-dependency-path: tests/go.sum + - name: Set up gotestfmt uses: GoTestTools/gotestfmt-action@v2 with: From f8e9a06ffaecc3d362196ef410e7e4f0bb8f54e2 Mon Sep 17 00:00:00 2001 
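Review bot: The new step references `actions/setup-go@v5` by a movable tag, so whatever that tag points to at run time executes in the e2e job, which later steps use with registry and cloud credentials. Pinning to a full commit SHA removes that dependency on the tag: `uses: actions/setup-go@<full-commit-sha> # v5`. The neighbouring `azure/setup-helm@v4.2.0` and `GoTestTools/gotestfmt-action@v2` steps are pre-existing and have the same exposure; the job's step list continues outside this hunk.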
From: Amit Lichtenberg Date: Sun, 23 Jun 2024 15:28:21 +0300 Subject: [PATCH 13/17] Comment-out unused code --- tests/databases/postgres/postgres_test.go | 72 +++++++++++------------ 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/tests/databases/postgres/postgres_test.go b/tests/databases/postgres/postgres_test.go index 0dac0283..900ca34f 100644 --- a/tests/databases/postgres/postgres_test.go +++ b/tests/databases/postgres/postgres_test.go 
@@ -282,42 +282,42 @@ func (s *PostgresTestSuite) applyPGServerConfWithInlinePassword(ctx context.Cont s.Require().NoError(err) } -func (s *PostgresTestSuite) applyPGServerConfWithSecretRef(ctx context.Context) { - secret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: PostgresRootCredentialsSecretName, - }, - StringData: map[string]string{ - "username": PostgresRootUser, - "password": PostgresRootPassword, - }, - } - - _, err := s.Client.CoreV1().Secrets(s.testNamespaceName).Create(ctx, secret, metav1.CreateOptions{}) - s.Require().NoError(err) - - pgServerConf := v1alpha3.PostgreSQLServerConfig{ - TypeMeta: metav1.TypeMeta{ - Kind: "PostgreSQLServerConfig", - APIVersion: "k8s.otterize.com/v1alpha3", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: PostgresInstanceName, - }, - Spec: v1alpha3.PostgreSQLServerConfigSpec{ - Address: fmt.Sprintf("%s.%s.svc.cluster.local:5432", PostgresSvcName, s.testNamespaceName), - Credentials: v1alpha3.DatabaseCredentials{ - SecretRef: &v1alpha3.DatabaseCredentialsSecretRef{ - Name: PostgresRootCredentialsSecretName, - }, - }, - }, - } - - u := s.GetUnstructuredObject(pgServerConf, pgServerConf.GroupVersionKind()) - _, err = s.PGServerConfClient.Namespace(s.testNamespaceName).Create(ctx, u, metav1.CreateOptions{}) - s.Require().NoError(err) -} +//func (s *PostgresTestSuite) applyPGServerConfWithSecretRef(ctx context.Context) { +// secret := &corev1.Secret{ +// ObjectMeta: metav1.ObjectMeta{ +// Name: PostgresRootCredentialsSecretName, +// }, +// StringData: map[string]string{ +// "username": PostgresRootUser, +// "password": PostgresRootPassword, +// }, +// } +// +// _, err := s.Client.CoreV1().Secrets(s.testNamespaceName).Create(ctx, secret, metav1.CreateOptions{}) +// s.Require().NoError(err) +// +// pgServerConf := v1alpha3.PostgreSQLServerConfig{ +// TypeMeta: metav1.TypeMeta{ +// Kind: "PostgreSQLServerConfig", +// APIVersion: "k8s.otterize.com/v1alpha3", +// }, +// ObjectMeta: metav1.ObjectMeta{ +// Name: 
PostgresInstanceName, +// }, +// Spec: v1alpha3.PostgreSQLServerConfigSpec{ +// Address: fmt.Sprintf("%s.%s.svc.cluster.local:5432", PostgresSvcName, s.testNamespaceName), +// Credentials: v1alpha3.DatabaseCredentials{ +// SecretRef: &v1alpha3.DatabaseCredentialsSecretRef{ +// Name: PostgresRootCredentialsSecretName, +// }, +// }, +// }, +// } +// +// u := s.GetUnstructuredObject(pgServerConf, pgServerConf.GroupVersionKind()) +// _, err = s.PGServerConfClient.Namespace(s.testNamespaceName).Create(ctx, u, metav1.CreateOptions{}) +// s.Require().NoError(err) +//} func (s *PostgresTestSuite) runCreateTableJob(ctx context.Context) { connectionString := fmt.Sprintf(PostgresConnectionString, PostgresRootUser, PostgresRootPassword, PostgresSvcName, PostgresDatabaseName) From 09e985e6807f08c845235fddf0494ce1a87a7453 Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Sun, 23 Jun 2024 15:40:34 +0300 Subject: [PATCH 14/17] Add github_ref input for helm charts repo --- .github/workflows/e2e-test.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index e42a4065..a5165c1a 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml @@ -9,6 +9,9 @@ on: - labeled workflow_call: inputs: + github_ref: + required: false + type: string gcr-registry: required: false type: string @@ -34,6 +37,7 @@ jobs: with: # explicitly checkout helm-charts repository since this is a reusable workflow that's called from other repositories repository: 'otterize/helm-charts' + ref: ${{ inputs.github_ref }} - name: Set up Helm uses: azure/setup-helm@v4.2.0 @@ -97,6 +101,7 @@ jobs: with: # explicitly checkout helm-charts repository since this is a reusable workflow that's called from other repositories repository: 'otterize/helm-charts' + ref: ${{ inputs.github_ref }} - name: Start minikube uses: medyagh/setup-minikube@master 
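Review bot: The new `github_ref` input has no `description` and is passed straight to `ref:` of the `otterize/helm-charts` checkout in three jobs (the two later hunks of this file here and the one after `@@ -173,6 +178,7 @@`), at least one of which goes on to `azure/login@v2`. The ref decides which chart code runs with those credentials in scope, so the input should state that the caller must pass a trusted ref, for example `description: 'Branch, tag or SHA of otterize/helm-charts to test; must be a ref the caller trusts'`. When the workflow is not started through `workflow_call` the input is empty and checkout falls back to its default ref, which is worth stating in the same description. The name also breaks the hyphenated style of the existing `gcr-registry` input; `github-ref` or `helm-charts-ref` would be consistent.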
@@ -173,6 +178,7 @@ jobs: with: # explicitly checkout helm-charts repository since this is a reusable workflow that's called from other repositories repository: 'otterize/helm-charts' + ref: ${{ inputs.github_ref }} - name: Log in with Azure uses: azure/login@v2 From 02fb6e6d415848a083cd1ddd96c875d63a5a32d5 Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Sun, 23 Jun 2024 16:15:42 +0300 Subject: [PATCH 15/17] Remove SecretRef credentials tests for now --- tests/databases/postgres/postgres_test.go | 52 ----------------------- tests/go.mod | 7 +-- tests/go.sum | 5 --- 3 files changed, 1 insertion(+), 63 deletions(-) diff --git a/tests/databases/postgres/postgres_test.go b/tests/databases/postgres/postgres_test.go index 900ca34f..38def5a3 100644 --- a/tests/databases/postgres/postgres_test.go +++ b/tests/databases/postgres/postgres_test.go 
@@ -282,43 +282,6 @@ func (s *PostgresTestSuite) applyPGServerConfWithInlinePassword(ctx context.Cont s.Require().NoError(err) } -//func (s *PostgresTestSuite) applyPGServerConfWithSecretRef(ctx context.Context) { -// secret := &corev1.Secret{ -// ObjectMeta: metav1.ObjectMeta{ -// Name: PostgresRootCredentialsSecretName, -// }, -// StringData: map[string]string{ -// "username": PostgresRootUser, -// "password": PostgresRootPassword, -// }, -// } -// -// _, err := s.Client.CoreV1().Secrets(s.testNamespaceName).Create(ctx, secret, metav1.CreateOptions{}) -// s.Require().NoError(err) -// -// pgServerConf := v1alpha3.PostgreSQLServerConfig{ -// TypeMeta: metav1.TypeMeta{ -// Kind: "PostgreSQLServerConfig", -// APIVersion: "k8s.otterize.com/v1alpha3", -// }, -// ObjectMeta: metav1.ObjectMeta{ -// Name: PostgresInstanceName, -// }, -// Spec: v1alpha3.PostgreSQLServerConfigSpec{ -// Address: fmt.Sprintf("%s.%s.svc.cluster.local:5432", PostgresSvcName, s.testNamespaceName), -// Credentials: v1alpha3.DatabaseCredentials{ -// SecretRef: &v1alpha3.DatabaseCredentialsSecretRef{ -// Name: PostgresRootCredentialsSecretName, -// }, -// }, -// }, -// } -// -// u := s.GetUnstructuredObject(pgServerConf, pgServerConf.GroupVersionKind()) -// _, err = s.PGServerConfClient.Namespace(s.testNamespaceName).Create(ctx, u, metav1.CreateOptions{}) -// s.Require().NoError(err) -//} - func (s *PostgresTestSuite) runCreateTableJob(ctx context.Context) { connectionString := fmt.Sprintf(PostgresConnectionString, PostgresRootUser, PostgresRootPassword, PostgresSvcName, PostgresDatabaseName) res, err := s.Client.BatchV1().Jobs(s.testNamespaceName).Create(ctx, &batchv1.Job{ 
@@ -402,21 +365,6 @@ func (s *PostgresTestSuite) TestSelectPermissionWithoutInsert() { s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "Unable to perform INSERT operation") } -//func (s *PostgresTestSuite) TestAddSelectAndInsertPermissionsWithSecretRefPermissions() { -// ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(1*time.Minute)) -// defer cancel() -// -// s.applyPGServerConfWithSecretRef(ctx) -// -// s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "password authentication failed") -// -// s.applyIntents(ctx, []v1alpha3.DatabaseOperation{v1alpha3.DatabaseOperationInsert, v1alpha3.DatabaseOperationSelect}) -// logrus.Info("Validating client pod was granted SELECT & INSERT permissions") -// s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "Successfully connected to database") -// s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "Successfully INSERTED") -// s.ReadPodLogsUntilSubstring(ctx, s.clientPod, "Successfully SELECTED") -//} - func TestPostgresEnforcementTestSuite(t *testing.T) { suite.Run(t, new(PostgresTestSuite)) } diff --git a/tests/go.mod b/tests/go.mod index 157716c1..a4ae4958 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -13,7 +13,7 @@ require ( github.com/jackc/pgx/v5 v5.6.0 github.com/joho/godotenv v1.5.1 github.com/lib/pq v1.10.9 - github.com/otterize/intents-operator/src v0.0.0-20240623113422-6820f7294c78 + github.com/otterize/intents-operator/src v0.0.0-20240602085502-4104fcfa98d5 github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/viper v1.16.0 
@@ -38,9 +38,6 @@ require ( github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect github.com/Microsoft/hcsshim v0.11.4 // indirect - github.com/agnivade/levenshtein v1.1.1 // indirect - github.com/alexflint/go-arg v1.4.2 // indirect - github.com/alexflint/go-scalar v1.0.0 // indirect github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bugsnag/bugsnag-go/v2 v2.2.0 // indirect @@ -155,7 +152,6 @@ require ( go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 // indirect - golang.org/x/mod v0.15.0 // indirect golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.15.0 // indirect golang.org/x/sync v0.6.0 // indirect @@ -163,7 +159,6 @@ require ( golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.18.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect diff --git a/tests/go.sum b/tests/go.sum index b01c09e5..c13efad8 100644 --- a/tests/go.sum +++ b/tests/go.sum 
@@ -50,13 +50,10 @@ github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/O github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/agnivade/levenshtein v1.1.0/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= -github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alexflint/go-arg v1.4.2 h1:lDWZAXxpAnZUq4qwb86p/3rIJJ2Li81EoMbTMujhVa0= github.com/alexflint/go-arg v1.4.2/go.mod h1:9iRbDxne7LcR/GSvEr7ma++GLpdIU1zrghf2y2768kM= -github.com/alexflint/go-scalar v1.0.0 h1:NGupf1XV/Xb04wXskDFzS0KWOLH632W/EO4fAFi+A70= github.com/alexflint/go-scalar v1.0.0/go.mod h1:GpHzbCOZXEKMEcygYQ5n/aa4Aq84zbxjy3MxYW0gjYw= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= 
@@ -387,8 +384,6 @@ github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/ github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= github.com/otterize/intents-operator/src v0.0.0-20240602085502-4104fcfa98d5 h1:H/18oQxpUqdrlyaIw66jo3yEWN8wohl/0+V9Ko1i7Ic= github.com/otterize/intents-operator/src v0.0.0-20240602085502-4104fcfa98d5/go.mod h1:7vDL6/NAo7AobUGqDGU/277xGyb0KTRQoqRjoouhh44= -github.com/otterize/intents-operator/src v0.0.0-20240623113422-6820f7294c78 h1:YDVGIeLdoLqSZfF9eRJyBP0GRK7UsIoWWCUQcX9qW5M= -github.com/otterize/intents-operator/src v0.0.0-20240623113422-6820f7294c78/go.mod h1:7vDL6/NAo7AobUGqDGU/277xGyb0KTRQoqRjoouhh44= github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= From 8f7c91d4d8831980be071f41e317effb3eeedfdf Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Sun, 23 Jun 2024 16:16:26 +0300 Subject: [PATCH 16/17] Remove local environments hacks --- tests/base_suite.go | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tests/base_suite.go b/tests/base_suite.go index 11b1ae35..8c6048ec 100644 --- a/tests/base_suite.go +++ b/tests/base_suite.go 
@@ -90,14 +90,6 @@ func (s *BaseSuite) SetupSuite() { } func (s *BaseSuite) GetDefaultHelmChartValues() map[string]any { - //os.Setenv("INTENTS_OPERATOR_REPOSITORY", "us-central1-docker.pkg.dev/main-383408/otterize") - //os.Setenv("INTENTS_OPERATOR_IMAGE", "intents-operator") - //os.Setenv("INTENTS_OPERATOR_TAG", "5abc12708ac0d022c658d2cd665d65f6d4aa71a0") - //os.Setenv("CREDENTIALS_OPERATOR_REPOSITORY", "us-central1-docker.pkg.dev/main-383408/otterize") - //os.Setenv("CREDENTIALS_OPERATOR_IMAGE", "credentials-operator") - //os.Setenv("CREDENTIALS_OPERATOR_TAG", "4f4062035308a2b8baf8c0f29bc53ce15d05286c") - logrus.WithField("environment", os.Environ()).Info("Environment variables") - defaultValues := map[string]any{ "global": map[string]any{ "deployment": map[string]any{ From 949a04bfc6a23a936ec23b5ce0dbf62b33471f3e Mon Sep 17 00:00:00 2001 From: Amit Lichtenberg Date: Sun, 23 Jun 2024 16:16:52 +0300 Subject: [PATCH 17/17] Remove unused code --- tests/databases/postgres/postgres_test.go | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/tests/databases/postgres/postgres_test.go b/tests/databases/postgres/postgres_test.go index 38def5a3..6f5617aa 100644 --- a/tests/databases/postgres/postgres_test.go +++ b/tests/databases/postgres/postgres_test.go 
@@ -19,15 +19,14 @@ import ( ) const ( - PostgresRootCredentialsSecretName = "postgres-root-credentials" - PostgresRootPassword = "integrationtestpassword11" - PostgresCredsSecretName = "postgres-user-password" - PostgresSvcName = "otterize-database" - PostgresDatabaseName = "test-db" - PostgresInstanceName = "otterize-postgres" - PostgresRootUser = "otterize-admin" - IntentsResourceName = "psql-client-intents" - PostgresConnectionString = "postgres://%s:%s@%s:5432/%s" + PostgresRootPassword = "integrationtestpassword11" + PostgresCredsSecretName = "postgres-user-password" + PostgresSvcName = "otterize-database" + PostgresDatabaseName = "test-db" + PostgresInstanceName = "otterize-postgres" + PostgresRootUser = "otterize-admin" + IntentsResourceName = "psql-client-intents" + PostgresConnectionString = "postgres://%s:%s@%s:5432/%s" ) type PostgresTestSuite struct {